Back

elcompanies.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain elcompanies.com exhibits a critical risk score of 100, primarily driven by an overwhelming volume of historical data breaches (14,213 events) and a significant number of active infostealer logs (396 events) observed between July 2025 and June 2026. A substantial spike in employee-related events occurred in January 2026, coinciding with a broader increase in client-related events throughout the period. Malware analysis reveals a prevalence of infostealers such as LummaC2, Redline, and Acreed. Targeted services include internal portals like dimfa.elcompanies.com and myglobalhr.elcompanies.com, suggesting potential compromise of employee credentials or sensitive internal data. The majority of data leaks originate from database dumps and combolist sources, indicating a high likelihood of credential stuffing attacks and exposed sensitive information. Geographically, the United Kingdom, India, and the United States are most represented in the observed events.

Total Events

14,609
credential exposure events

Employee Affected Events

12,182
account email domain = elcompanies.com

Client Affected Events

2,427
service target = elcompanies.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
12,0008,0004,0000
peak month 11,930
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events396
Share3%
Data breaches
Events14,213
Share97%
Infostealer logs (3%)
396events
Data breaches (97%)
14,213events

12,182 compromised employee accounts pose an infrastructure risk, while 2,427 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender13
Windows Defender [ON]1
None1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC275
Redline54
Acreed44
Rhadamanthys28
StealC12
Vidar7
RisePro5
Raccoon3

Top Login URLs

Top exposed services found in the event results

  1. 1https://dimfa.elcompanies.com/openam/XUI/255
  2. 2dimfa.elcompanies.com/openam/XUI/141
  3. 3https://dimfa.elcompanies.com100
  4. 4dimfa.elcompanies.com97
  5. 5myglobalhr.elcompanies.com74
  6. 6https://myglobalhr.elcompanies.com/OA_HTML/a/70
  7. 7https://myglobalhr.elcompanies.com69
  8. 8dimfa.elcompanies.com/openam/xui/66
  9. 9myglobalhr.elcompanies.com/OA_HTML/a/49
  10. 10https://dimfa.elcompanies.com/openam/xui/47

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United Kingdom
Events47
India
Events45
United States
Events19
Thailand
Events15
Canada
Events15
Peru
Events14
China
Events12
Hungary
Events12

Country Breakdown

  1. 1United Kingdom47
  2. 2India45
  3. 3United States19
  4. 4Thailand15
  5. 5Canada15
  6. 6Peru14
  7. 7China12
  8. 8Hungary12

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft85
Cisco (AnyConnect)24
Citrix10

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1161
Windows 11 24H2 build 26100 (64 Bit)27
Windows 11 Pro (10.0.26100) x6422
Windows 10 Pro15
Windows 10 (10.0.22621)14

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
2,189
Combolist pools
12,024
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.